Adjusted force-ssl to work with the forwarded header (RFC 7239). (meteor#8440)

* Adjusted force-ssl to work with the forwarded header (RFC 7239).

* Fixed invalid Object.assign call.

Author: hwillson

packages/force-ssl-common/.npm/package/.gitignore

@@ -0,0 +1 @@
+node_modules

packages/force-ssl-common/.npm/package/README

@@ -0,0 +1,7 @@
+This directory and the files immediately inside it are automatically generated
+when you change this package's NPM dependencies. Commit the files in this
+directory (npm-shrinkwrap.json, .gitignore, and this README) to source control
+so that others run the same versions of sub-dependencies.
+
+You should NOT check in the node_modules directory that Meteor automatically
+creates; if you are using git, the .gitignore file tells git to ignore it.

packages/force-ssl-common/.npm/package/npm-shrinkwrap.json

@@ -0,0 +1,5 @@
+# force-ssl-common
+[Source code of released version](https://github.com/meteor/meteor/tree/master/packages/force-ssl-common) | [Source code of development version](https://github.com/meteor/meteor/tree/devel/packages/force-ssl-common)
+***
+
+This is an internal Meteor package.

packages/force-ssl-common/README.md

@@ -0,0 +1,32 @@
+import forwarded from 'forwarded-http';
+
+// Determine if the connection is only over localhost. Both we
+// received it on localhost, and all proxies involved received on
+// localhost (supports "forwarded" and "x-forwarded-for").
+const isLocalConnection = (req) => {
+  const localhostRegexp = /^\s*(127\.0\.0\.1|\[?::1\]?)\s*$/;
+  const request = Object.create(req);
+  request.connection = Object.assign(
+    {},
+    req.connection,
+    { remoteAddress: req.connection.remoteAddress || req.socket.remoteAddress }
+  );
+  const forwardedParams = forwarded(request);
+  let isLocal = true;
+  Object.keys(forwardedParams.for).forEach((forKey) => {
+    if (!localhostRegexp.test(forKey)) {
+      isLocal = false;
+    }
+  });
+  return isLocal;
+};
+
+// Determine if the connection was over SSL at any point. Either we
+// received it as SSL, or a proxy did and translated it for us.
+const isSslConnection = (req) => {
+  const forwardedParams = forwarded(req);
+  return req.connection.pair
+      || forwardedParams.proto && forwardedParams.proto.indexOf('https') !== -1;
+};
+
+export { isLocalConnection, isSslConnection };